MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75b24a04b7ddddd036a8e677061e2cd86bc74f147f4b59de463964476db5f003. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75b24a04b7ddddd036a8e677061e2cd86bc74f147f4b59de463964476db5f003
SHA3-384 hash: 444ad0a0639258032261909808dbced390f3a208fa19f473975da6bb6d8e76103a43da724fb9f383ac384082077c6cb7
SHA1 hash: 658bf787c490baed9fce56f630c3351ad0d1916f
MD5 hash: 8159db73e81a064754313a4fd2e066ac
humanhash: video-twenty-fillet-lemon
File name:SecuriteInfo.com.Trojan.GenericKD.43056666.25773.16993
Download: download sample
Signature ZLoader
Create hunting rule
File size:458'752 bytes
First seen:2020-04-28 12:57:25 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 2b9a2108ff33305e25f55074c6e44a25 (1 x ZLoader)
ssdeep 6144:yaz0AYKU97JVsxciDeupf7DqF2uB9jWaysaI36Hku5ZBUEKhbME+NeBY21:JHYKJByRF2uB9jWN3o6TebMh21
Threatray 50 similar samples on MalwareBazaar
TLSH 24A4AE117AA8C9EFE4696936ED12D5FC85987C20CF70E8A336E4BF1F7A713D04124929
Reporter SecuriteInfoCom
Tags:ZLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43056666.25773.16993.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 01:00:47 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=owzeubfx3xo5anvi4z3qmhrm3bv4otyup5fvtxsghfseo3nv6abq._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
29bf6be1fa9e4b72bb9e2eeb8156ea1c03311d157d1bb28a0cea1328c6fd473d
ZLoader
7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d
ZLoader
81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f
ZLoader
8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1
ZLoader
92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa
ZLoader
be3d1522f968ad7cc46a996a64b5e5be8044075f6bd1784046e46671bf416b45
ZLoader
cb762227729d0faadc4c33a4a55b513673a9c76284773535b0e07d7e47d8413e
ZLoader
d538dfafbdf6ac115c24dbdd68c65dbef6460808dd2c4f3fc01d5e15bfc2f902
ZLoader
edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
ZLoader
fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9
ZLoader
+ 40 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll 75b24a04b7ddddd036a8e677061e2cd86bc74f147f4b59de463964476db5f003

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/353086/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::AllocateAndInitializeSid
ADVAPI32.dll::FreeSid
ADVAPI32.dll::SetEntriesInAclA
ADVAPI32.dll::InitializeSecurityDescriptor
MULTIMEDIA_APICan Play MultimediaAVIFIL32.dll::AVIFileExit
AVIFIL32.dll::AVIFileInit
AVIFIL32.dll::AVIStreamEndStreaming
AVIFIL32.dll::AVIStreamGetFrameOpen
AVIFIL32.dll::AVIStreamGetFrameClose
AVIFIL32.dll::AVIStreamGetFrame
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::GetTokenInformation
ADVAPI32.dll::SetSecurityDescriptorDacl
WIN32_PROCESS_APICan Create Process and ThreadsADVAPI32.dll::OpenProcessToken
ADVAPI32.dll::OpenThreadToken
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineA
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW
KERNEL32.dll::GetWindowsDirectoryA
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::LookupPrivilegeValueA
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExA
ADVAPI32.dll::RegDeleteKeyA
ADVAPI32.dll::RegOpenKeyExA
ADVAPI32.dll::RegOpenKeyA
ADVAPI32.dll::RegQueryValueExA
ADVAPI32.dll::RegSetValueExA
WIN_SVC_APICan Manipulate Windows ServicesADVAPI32.dll::OpenSCManagerA
ADVAPI32.dll::OpenServiceA
ADVAPI32.dll::QueryServiceStatus
ADVAPI32.dll::RegisterServiceCtrlHandlerA
ADVAPI32.dll::StartServiceCtrlDispatcherA
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuA

Comments